def __init__(self,
address: str,
port: int,
use_ssl: bool = False,
access_token: str = "",
channel_shutdown_timeout: timedelta = timedelta(minutes=2)):
if (address is None):
raise ValueError("address")
if (port is None):
raise ValueError("port")
host = "{0}:{1}".format(address, port)
metadata_transormer = (lambda x: [('authorization', access_token)])
grpc.composite_channel_credentials(
grpc.ssl_channel_credentials(),
grpc.metadata_call_credentials(metadata_transormer))
if use_ssl:
self._channel_func = lambda: grpc.secure_channel(
host, grpc.ssl_channel_credentials())
else:
self._channel_func = lambda: grpc.insecure_channel(host)
self.__channel_shutdown_timeout = channel_shutdown_timeout
self.__channel_usable_until = None
self.__channel = None
def __init__(self, server, ca, creds=None):
with open(ca, 'rb') as f:
cert = f.read()
ssl_creds = grpc.ssl_channel_credentials(root_certificates=cert)
if creds:
channel_creds = grpc.composite_channel_credentials(
ssl_creds, creds)
else:
channel_creds = grpc.composite_channel_credentials(ssl_creds)
channel = grpc.secure_channel(server, channel_creds)
self.stub = epp_pb2_grpc.EPPProxyStub(channel)
def main(args):
# read the file containing a session token to authenticate with
token = args.token_file.read().strip()
# create the header object for the token
callCreds = grpc.access_token_call_credentials(token)
# if using a self-signed certificate (should be provided as arg)
if args.cert_file:
# create the channel using the self-signed cert
cert = args.cert_file.read()
channelCreds = grpc.ssl_channel_credentials(root_certificates=cert)
else:
# otherwise default to checking against CAs
channelCreds = grpc.ssl_channel_credentials()
connCreds = grpc.composite_channel_credentials(channelCreds, callCreds)
if args.tag_value:
tag_value = args.tag_value
if args.tag_name:
tag_name = args.tag_name
# initialize a connection to the server using our connection settings (auth + TLS)
with grpc.secure_channel(args.server, connCreds) as channel:
tag_stub = services.InterfaceTagConfigServiceStub(channel)
req = services.InterfaceTagConfigSetRequest(
value=models.InterfaceTagConfig(
key=models.TagKey(label=wrappers.StringValue(value=tag_name),
value=wrappers.StringValue(
value=tag_value))))
tag_stub.Set(req, timeout=RPC_TIMEOUT)
def get_credentials(lnd_dir):
tls_certificate = open(lnd_dir + '/tls.cert', 'rb').read()
ssl_credentials = grpc.ssl_channel_credentials(tls_certificate)
macaroon = codecs.encode(open(lnd_dir + '/data/chain/bitcoin/mainnet/admin.macaroon', 'rb').read(), 'hex')
auth_credentials = grpc.metadata_call_credentials(lambda _, callback: callback([('macaroon', macaroon)], None))
combined_credentials = grpc.composite_channel_credentials(ssl_credentials, auth_credentials)
return combined_credentials
def run():
# Read exported (PEM formatted) server TLS certificate from disk
certificate = open('<< ADD PATH TO EXPORTED SERVER CERTIFICATE >>',
'rb').read()
tls_credentials = grpc.ssl_channel_credentials(certificate)
# Apply the api key to every request that is made with the client
apikey_credentials = grpc.metadata_call_credentials(
ApiKeyCallCredentials('<< ADD API KEY >>'))
combined_credentials = grpc.composite_channel_credentials(
tls_credentials, apikey_credentials)
# gRPC channel setup to connect to ibaHD-API endpoint in ibaHD-Server
# Increasing the default message size (~4MB) is recommended (c int32 max = 2147483647)
with grpc.secure_channel('127.0.0.1:9003',
combined_credentials,
options=[('grpc.max_receive_message_length',
2147483647)]) as channel:
# Instantiate ibaHD-API client on the gRPC channel
client = ibaHD_API_pb2_grpc.HdApiServiceStub(channel)
# Simple request to retrieve stores
response = client.GetHdStores(
request=ibaHD_API_pb2.GetHdStoresRequest())
# Clean channel shutdown
channel.close()
print(response)
def MakeSecureChannel(target):
"""Creates grpc secure channel.
Args:
target: str, The server address, for example:
bigtableadmin.googleapis.com:443.
Returns:
grpc.secure channel.
"""
credentials = cred_store.Load()
# ssl_channel_credentials() loads root certificates from
# `grpc/_adapter/credentials/roots.pem`.
transport_creds = grpc.ssl_channel_credentials()
custom_metadata_plugin = _MetadataPlugin(credentials)
auth_creds = grpc.metadata_call_credentials(
custom_metadata_plugin, name='google_creds')
channel_creds = grpc.composite_channel_credentials(
transport_creds, auth_creds)
channel_args = (
('grpc.primary_user_agent',
http.MakeUserAgentString(properties.VALUES.metrics.command_name.Get())),
)
return grpc.secure_channel(target, channel_creds,
options=channel_args)
def _conn(host: str = "localhost", rpc_port: int = 50051, conf_address: str = "http://localhost/auth", client_id: str = None,
client_secret: str = None, pkey=None, cert=None, ca=None):
"""
`host` The host to connect to.
`rpc_port` The gRPC port for host.
`conf_address` The complete address for the auth configuration endpoint.
`client_id` Your client id for your OAuth Auth provider.
`client_secret` Corresponding client secret.
`pkey` Private key for client authentication
`cert` Corresponding signed certificate. CN must reflect your hosts FQDN, and must be signed by the servers
CA.
`ca` CA trust for the server.
`secure_conf` Whether the server hosting configuration is secured (https)
Returns A gRPC channel
"""
# TODO: make this more robust so it can handle SSL without client verification
if pkey and cert and client_id and client_secret:
call_credentials = grpc.metadata_call_credentials(AuthTokenPlugin(host, conf_address, client_id, client_secret))
# Channel credential will be valid for the entire channel
channel_credentials = grpc.ssl_channel_credentials(ca, pkey, cert)
# Combining channel credentials and call credentials together
composite_credentials = grpc.composite_channel_credentials(
channel_credentials,
call_credentials,
)
channel = grpc.secure_channel(f"{host}:{rpc_port}", composite_credentials)
else:
channel = grpc.insecure_channel(f"{host}:{rpc_port}")
return channel
def make_secure_channel(credentials, user_agent, host):
"""Makes a secure channel for an RPC service.
Uses / depends on gRPC.
:type credentials: :class:`oauth2client.client.OAuth2Credentials`
:param credentials: The OAuth2 Credentials to use for creating
access tokens.
:type user_agent: str
:param user_agent: The user agent to be used with API requests.
:type host: str
:param host: The host for the service.
:rtype: :class:`grpc._channel.Channel`
:returns: gRPC secure channel with credentials attached.
"""
# ssl_channel_credentials() loads root certificates from
# `grpc/_adapter/credentials/roots.pem`.
transport_creds = grpc.ssl_channel_credentials()
custom_metadata_plugin = MetadataPlugin(credentials)
auth_creds = grpc.metadata_call_credentials(custom_metadata_plugin,
name='google_creds')
channel_creds = grpc.composite_channel_credentials(transport_creds,
auth_creds)
target = '%s:%d' % (host, http_client.HTTPS_PORT)
channel_args = (('grpc.primary_user_agent', user_agent), )
return grpc.secure_channel(target, channel_creds, options=channel_args)
def make_secure_stub(credentials, user_agent, stub_class, host):
"""Makes a secure stub for an RPC service.
Uses / depends on gRPC.
:type credentials: :class:`oauth2client.client.OAuth2Credentials`
:param credentials: The OAuth2 Credentials to use for creating
access tokens.
:type user_agent: str
:param user_agent: (Optional) The user agent to be used with API requests.
:type stub_class: type
:param stub_class: A gRPC stub type for a given service.
:type host: str
:param host: The host for the service.
:rtype: object, instance of ``stub_class``
:returns: The stub object used to make gRPC requests to a given API.
"""
# ssl_channel_credentials() loads root certificates from
# `grpc/_adapter/credentials/roots.pem`.
transport_creds = grpc.ssl_channel_credentials()
custom_metadata_plugin = MetadataPlugin(credentials)
auth_creds = grpc.metadata_call_credentials(custom_metadata_plugin,
name='google_creds')
channel_creds = grpc.composite_channel_credentials(transport_creds,
auth_creds)
target = '%s:%d' % (host, http_client.HTTPS_PORT)
channel_args = (('grpc.primary_user_agent', user_agent), )
channel = grpc.secure_channel(target, channel_creds, options=channel_args)
return stub_class(channel)
def run():
with open("kyma.pem", "rb") as fp:
channel_credential = grpc.ssl_channel_credentials(fp.read())
call_credentials = grpc.metadata_call_credentials(AuthGateway(),
name='auth gateway')
composite_credentials = grpc.composite_channel_credentials(
channel_credential,
call_credentials,
)
if os.environ.get("_DEV_") == "true":
print("-------------- insecure_channel --------------")
channel = grpc.insecure_channel('127.0.0.1:50051')
else:
print("-------------- secure_channel --------------")
channel = grpc.secure_channel(os.environ.get(
"_GRPC_SERVER_"), composite_credentials)
stub = orders_pb2_grpc.OrderStub(channel)
print("-------------- RecordOrder--------------")
record_orders(stub)
print("-------------- GetOrders --------------")
get_orders(stub)
channel.close()
def main(args):
# read the file containing a session token to authenticate with
token = args.token_file.read().strip()
# create the header object for the token
callCreds = grpc.access_token_call_credentials(token)
# if using a self-signed certificate (should be provided as arg)
if args.cert_file:
cert = args.cert_file.read()
channelCreds = grpc.ssl_channel_credentials(root_certificates=cert)
else:
# otherwise default to checking against CAs
channelCreds = grpc.ssl_channel_credentials()
connCreds = grpc.composite_channel_credentials(channelCreds, callCreds)
# create a stream request
subscribe = services.EventStreamRequest()
# create a filter model
event_filter = models.Event()
if args.event_type:
event_filter.event_type.value = args.event_type
if args.severity:
# enum with val 0 is always unset
event_filter.severity = SEVERITIES.index(args.severity) + 1
subscribe.partial_eq_filter.append(event_filter)
# initialize a connection to the server using our connection settings (auth + TLS)
with grpc.secure_channel(args.server, connCreds) as channel:
event_stub = services.EventServiceStub(channel)
for resp in event_stub.Subscribe(subscribe, timeout=RPC_TIMEOUT):
print(resp.value)
print("\n")
def __init__(
self,
consul_endpoint=None,
work_dir="/tmp/xos_grpc_protos",
endpoint="localhost:50055",
reconnect_callback=None,
cacert=SERVER_CA,
username=None,
password=None,
sessionid=None,
):
server_ca = open(cacert, "r").read()
if sessionid:
call_creds = metadata_call_credentials(SessionIdCallCredentials(sessionid))
else:
call_creds = metadata_call_credentials(
UsernamePasswordCallCredentials(username, password)
)
chan_creds = ssl_channel_credentials(server_ca)
chan_creds = composite_channel_credentials(chan_creds, call_creds)
super(SecureClient, self).__init__(
consul_endpoint, work_dir, endpoint, self.reconnected, chan_creds
)
self.reconnect_callback2 = reconnect_callback
def create_channel(config: "Config") -> "Channel":
"""
Create a :class:`Channel` for the specified configuration.
"""
u = urlparse(config.url.url)
options = [
("grpc.max_send_message_length", -1),
("grpc.max_receive_message_length", -1),
]
if not config.url.use_http_proxy:
options.append(("grpc.enable_http_proxy", 0))
if (u.scheme in ("https", "grpcs")) or config.ssl:
credentials = ssl_channel_credentials(
root_certificates=config.ssl.ca,
private_key=config.ssl.cert_key,
certificate_chain=config.ssl.cert,
)
if config.access.token:
credentials = composite_channel_credentials(
credentials, metadata_call_credentials(GrpcAuth(config))
)
return secure_channel(u.netloc, credentials, options)
else:
return insecure_channel(u.netloc, options)
def __init__(self, config):
self.displayName = config['name']
with open(config['tls_cert'], 'rb') as tls_cert_file:
cert_credentials = grpc.ssl_channel_credentials(
tls_cert_file.read())
if config['admin_macaroon']:
with open(config['admin_macaroon'], 'rb') as macaroon_file:
macaroon = codecs.encode(macaroon_file.read(), 'hex')
macaroon_credentials = self.get_macaroon_credentials(
macaroon)
credentials = grpc.composite_channel_credentials(
cert_credentials, macaroon_credentials)
else:
credentials = cert_credentials
channel = grpc.secure_channel(config["rpc_host"], credentials)
# Due to updated ECDSA generated tls.cert we need to let gprc know that
# we need to use that cipher suite otherwise there will be a handhsake
# error when we communicate with the lnd rpc server.
os.environ["GRPC_SSL_CIPHER_SUITES"] = 'HIGH+ECDSA'
logger.info(
f'CONNECTING TO {config["name"]}: {config["rpc_host"]}')
self.client = lnrpc.LightningStub(channel)
self.identity_pubkey = self.getinfo().identity_pubkey
def _get_stub(self): # pragma: no cover
url = "{}:{}".format(self.host, self.port)
# Lnd cert is at ~/.lnd/tls.cert on Linux and
# ~/Library/Application Support/Lnd/tls.cert on Mac
cert = open(os.path.expanduser(self.tls_cert_path), "rb").read()
cert_creds = grpc.ssl_channel_credentials(cert)
# Lnd admin macaroon is at ~/.lnd/data/chain/bitcoin/simnet/admin.macaroon on Linux and
# ~/Library/Application Support/Lnd/data/chain/bitcoin/simnet/admin.macaroon on Mac
with open(os.path.expanduser(self.macaroon_path), "rb") as f:
macaroon_bytes = f.read()
macaroon = codecs.encode(macaroon_bytes, "hex")
self.macaroon = codecs.encode(macaroon_bytes, "hex")
def metadata_callback(context, callback):
# for more info see grpc docs
callback([("macaroon", macaroon)], None)
# now build meta data credentials
auth_creds = grpc.metadata_call_credentials(metadata_callback)
# combine the cert credentials and the macaroon auth credentials
# such that every call is properly encrypted and authenticated
combined_creds = grpc.composite_channel_credentials(
cert_creds, auth_creds)
# finally pass in the combined credentials when creating a channel
channel = grpc.secure_channel(url, combined_creds)
return lnd_pb2_grpc.LightningStub(channel)
def get_stub(self):
def metadata_callback(context, callback):
with open('resources/admin.macaroon', 'rb') as f:
macaroon_bytes = f.read()
macaroon = codecs.encode(macaroon_bytes, 'hex')
callback([('macaroon', macaroon)], None)
os.environ["GRPC_SSL_CIPHER_SUITES"] = "HIGH+ECDSA"
cert = open('resources/tls.cert').read()
# build ssl credentials using the cert the same as before
cert_creds = grpc.ssl_channel_credentials(cert)
# now build meta data credentials
auth_creds = grpc.metadata_call_credentials(metadata_callback)
# combine the cert credentials and the macaroon auth credentials
# such that every call is properly encrypted and authenticated
combined_creds = grpc.composite_channel_credentials(
cert_creds, auth_creds)
# finally pass in the combined credentials when creating a channel
channel = grpc.secure_channel('projects.koshikraj.com:10009',
combined_creds)
stub = lnrpc.LightningStub(channel)
return stub
def MakeSecureChannel(target):
"""Creates grpc secure channel.
Args:
target: str, The server address, for example:
bigtableadmin.googleapis.com:443.
Returns:
grpc.secure channel.
"""
credentials = cred_store.Load()
# ssl_channel_credentials() loads root certificates from
# `grpc/_adapter/credentials/roots.pem`.
transport_creds = grpc.ssl_channel_credentials()
custom_metadata_plugin = _MetadataPlugin(credentials)
auth_creds = grpc.metadata_call_credentials(
custom_metadata_plugin, name='google_creds')
channel_creds = grpc.composite_channel_credentials(
transport_creds, auth_creds)
channel_args = (
('grpc.primary_user_agent',
http.MakeUserAgentString(properties.VALUES.metrics.command_name.Get())),
)
return grpc.secure_channel(target, channel_creds,
options=channel_args)
def get_homegraph(self):
"""Returns the entire Google Home Foyer V2 service"""
if self.homegraph is None or self._has_expired(self.homegraph_date,
HOMEGRAPH_DURATION):
LOGGER.debug(
"There is no stored homegraph, or it has expired, getting a new one..."
)
log_prefix = "[GRPC]"
access_token = self.get_access_token()
if not access_token:
LOGGER.debug("%s Unable to obtain access token.", log_prefix)
return None
try:
LOGGER.debug("%s Creating SSL channel credentials...",
log_prefix)
scc = grpc.ssl_channel_credentials(root_certificates=None)
LOGGER.debug("%s Creating access token call credentials...",
log_prefix)
tok = grpc.access_token_call_credentials(access_token)
LOGGER.debug("%s Compositing channel credentials...",
log_prefix)
channel_credentials = grpc.composite_channel_credentials(
scc, tok)
LOGGER.debug(
"%s Establishing secure channel with "
"the Google Home Foyer API...",
log_prefix,
)
with grpc.secure_channel(GOOGLE_HOME_FOYER_API,
channel_credentials) as channel:
LOGGER.debug(
"%s Getting channels StructuresServiceStub...",
log_prefix)
rpc_service = v1_pb2_grpc.StructuresServiceStub(channel)
LOGGER.debug("%s Getting HomeGraph request...", log_prefix)
request = v1_pb2.GetHomeGraphRequest(string1="", num2="")
LOGGER.debug("%s Fetching HomeGraph...", log_prefix)
response = rpc_service.GetHomeGraph(request)
LOGGER.debug("%s Storing obtained HomeGraph...",
log_prefix)
self.homegraph = response
self.homegraph_date = datetime.now()
except grpc.RpcError as rpc_error:
LOGGER.debug("%s Got an RpcError", log_prefix)
if (rpc_error.code().name # pylint: disable=no-member
== "UNAUTHENTICATED"):
LOGGER.warning(
"%s The access token has expired. Getting a new one.",
log_prefix,
)
self.invalidate_access_token()
return self.get_homegraph()
LOGGER.error(
"%s Received unknown RPC error: code=%s message=%s",
log_prefix,
rpc_error.code(), # pylint: disable=no-member
rpc_error.details(), # pylint: disable=no-member
)
return self.homegraph
def main():
assert TOKEN != '', 'You need to set TOKEN. To obtain your token visit https://cryptomood.com/business/products/sentiment-analysis-api/.'
# Create credentials for use with an secured channel
credentials = grpc.ssl_channel_credentials(open(PATH_TO_CERT_FILE, 'rb').read())
call_credentials = grpc.access_token_call_credentials(TOKEN)
credentials = grpc.composite_channel_credentials(credentials, call_credentials)
channel = grpc.secure_channel(SERVER_ADDRESS, credentials)
# create stub
stub = types_pb2_grpc.SentimentsStub(channel)
# create timeframe
now = time.time()
seconds = int(now)
to_time = timestamp_pb2.Timestamp(seconds=seconds - int(86400 / 6))
from_time = timestamp_pb2.Timestamp(seconds=to_time.seconds - int(2 * 86400)) # last two days
# in our case we have to use kwarg because `from` is
# is recognized as python keyword so there would syntax be error
# if you want get value you have to use getattr()}
sentiment_historic_request_kwargs = { 'from': from_time, 'to': to_time, 'resolution': 'D1', 'asset': 'BTC' }
req = types_pb2.SentimentHistoricRequest(**sentiment_historic_request_kwargs)
candle_stream = stub.HistoricSocialSentiment(req)
for candle in candle_stream:
print(candle.id, candle.a)
def __init__(
self,
consul_endpoint=None,
work_dir="/tmp/xos_grpc_protos",
endpoint="localhost:50055",
reconnect_callback=None,
cacert=SERVER_CA,
username=None,
password=None,
sessionid=None,
):
server_ca = open(cacert, "r").read()
if sessionid:
call_creds = metadata_call_credentials(
SessionIdCallCredentials(sessionid))
else:
call_creds = metadata_call_credentials(
UsernamePasswordCallCredentials(username, password))
chan_creds = ssl_channel_credentials(server_ca)
chan_creds = composite_channel_credentials(chan_creds, call_creds)
super(SecureClient, self).__init__(consul_endpoint, work_dir, endpoint,
self.reconnected, chan_creds)
self.reconnect_callback2 = reconnect_callback
def _local_composite_credentials(self):
"""
Creates the credentials for the local emulator channel
:return: grpc.ChannelCredentials
"""
credentials = google.auth.credentials.with_scopes_if_required(
self._credentials, None
)
request = google.auth.transport.requests.Request()
# Create the metadata plugin for inserting the authorization header.
metadata_plugin = google.auth.transport.grpc.AuthMetadataPlugin(
credentials, request
)
# Create a set of grpc.CallCredentials using the metadata plugin.
google_auth_credentials = grpc.metadata_call_credentials(metadata_plugin)
# Using the local_credentials to allow connection to emulator
local_credentials = grpc.local_channel_credentials()
# Combine the local credentials and the authorization credentials.
return grpc.composite_channel_credentials(
local_credentials, google_auth_credentials
)
def _run(flags):
"""Runs the main uploader program given parsed flags.
Args:
flags: An `argparse.Namespace`.
"""
logging.set_stderrthreshold(logging.WARNING)
intent = _get_intent(flags)
store = auth.CredentialsStore()
if isinstance(intent, _AuthRevokeIntent):
store.clear()
sys.stderr.write("Logged out of uploader.\n")
sys.stderr.flush()
return
# TODO(b/141723268): maybe reconfirm Google Account prior to reuse.
credentials = store.read_credentials()
if not credentials:
_prompt_for_user_ack(intent)
client_config = json.loads(auth.OAUTH_CLIENT_CONFIG)
flow = auth.build_installed_app_flow(client_config)
credentials = flow.run(force_console=flags.auth_force_console)
sys.stderr.write("\n") # Extra newline after auth flow messages.
store.write_credentials(credentials)
channel_options = None
if flags.grpc_creds_type == "local":
channel_creds = grpc.local_channel_credentials()
elif flags.grpc_creds_type == "ssl":
channel_creds = grpc.ssl_channel_credentials()
elif flags.grpc_creds_type == "ssl_dev":
channel_creds = grpc.ssl_channel_credentials(dev_creds.DEV_SSL_CERT)
channel_options = [("grpc.ssl_target_name_override", "localhost")]
else:
msg = "Invalid --grpc_creds_type %s" % flags.grpc_creds_type
raise base_plugin.FlagsError(msg)
try:
server_info = _get_server_info(flags)
except server_info_lib.CommunicationError as e:
_die(str(e))
_handle_server_info(server_info)
if not server_info.api_server.endpoint:
logging.error("Server info response: %s", server_info)
_die("Internal error: frontend did not specify an API server")
composite_channel_creds = grpc.composite_channel_credentials(
channel_creds, auth.id_token_call_credentials(credentials)
)
# TODO(@nfelt): In the `_UploadIntent` case, consider waiting until
# logdir exists to open channel.
channel = grpc.secure_channel(
server_info.api_server.endpoint,
composite_channel_creds,
options=channel_options,
)
with channel:
intent.execute(server_info, channel)
def channel(self, endpoint):
if not self._channels:
self._unauthenticated_channel = grpc.secure_channel(
self._endpoint,
self._channel_creds,
options=self.channel_options())
endpoint_service = ApiEndpointServiceStub(
self._unauthenticated_channel)
resp = endpoint_service.List(ListApiEndpointsRequest())
endpoints = resp.endpoints
plugin = _auth_plugin.Credentials(self._token_requester,
lambda: self._channels["iam"])
call_creds = grpc.metadata_call_credentials(plugin)
creds = grpc.composite_channel_credentials(self._channel_creds,
call_creds)
self._channels = {
ep.id: grpc.secure_channel(ep.address,
creds,
options=self.channel_options())
for ep in endpoints
}
if endpoint not in self._channels:
raise RuntimeError("Unknown endpoint: {}".format(endpoint))
return self._channels[endpoint]
def real_jail_session(token):
"""
Create a Jail service for testing, using TCP sockets, uses the token for auth
"""
auth_interceptor = Auth().get_auth_interceptor(allow_jailed=True)
with futures.ThreadPoolExecutor(1) as executor:
server = grpc.server(executor, interceptors=[auth_interceptor])
port = server.add_secure_port("localhost:0",
grpc.local_server_credentials())
servicer = Jail()
jail_pb2_grpc.add_JailServicer_to_server(servicer, server)
server.start()
call_creds = grpc.metadata_call_credentials(
CookieMetadataPlugin(token))
comp_creds = grpc.composite_channel_credentials(
grpc.local_channel_credentials(), call_creds)
try:
with grpc.secure_channel(f"localhost:{port}",
comp_creds) as channel:
yield jail_pb2_grpc.JailStub(channel)
finally:
server.stop(None).wait()
def get_ln_stub():
def metadata_callback(context, callback):
# for more info see grpc docs
callback([('macaroon', macaroon)], None)
os.environ["GRPC_SSL_CIPHER_SUITES"] = 'HIGH+ECDSA'
# Lnd admin macaroon is at ~/.lnd/data/chain/bitcoin/simnet/admin.macaroon on Linux and
# ~/Library/Application Support/Lnd/data/chain/bitcoin/simnet/admin.macaroon on Mac
with open(os.path.expanduser(settings.MACAROON_PATH), 'rb') as f:
macaroon_bytes = f.read()
macaroon = codecs.encode(macaroon_bytes, 'hex')
cert = open(settings.CERT_PATH, 'rb').read()
creds = grpc.ssl_channel_credentials(cert)
# now build meta data credentials
auth_creds = grpc.metadata_call_credentials(metadata_callback)
# combine the cert credentials and the macaroon auth credentials
# such that every call is properly encrypted and authenticated
combined_creds = grpc.composite_channel_credentials(creds, auth_creds)
# channel = grpc.secure_channel(settings.LND_RPCHOST, creds)
channel = grpc.secure_channel(settings.LND_RPCHOST, combined_creds)
# stub.GetInfo(ln.GetInfoRequest(), metadata=[('macaroon', macaroon)])
stub = lnrpc.LightningStub(channel)
return stub
def main():
assert TOKEN != '', 'You need to set TOKEN. To obtain your token visit https://cryptomood.com/business/products/sentiment-analysis-api/.'
# Create credentials for use with an secured channel
credentials = grpc.ssl_channel_credentials(open(PATH_TO_CERT_FILE, 'rb').read())
call_credentials = grpc.access_token_call_credentials(TOKEN)
credentials = grpc.composite_channel_credentials(credentials, call_credentials)
channel = grpc.secure_channel(SERVER_ADDRESS, credentials)
# create stub
stub = types_pb2_grpc.HistoricDataStub(channel)
# create timeframe
now = time.time()
seconds = int(now)
to_time = timestamp_pb2.Timestamp(seconds=seconds)
from_time = timestamp_pb2.Timestamp(seconds=to_time.seconds - int(86400 / 4)) # last 6 hours
# in our case we have to use kwarg because `from` is
# is recognized as python keyword so there would syntax be error
# if you want get value you have to use getattr()
historic_request_kwargs = { 'from': from_time, 'to': to_time,
'filter': types_pb2.AssetsFilter(assets=['BTC', 'ETH'], all_assets=False)}
req = types_pb2.HistoricRequest(**historic_request_kwargs)
article_stream = stub.HistoricArticles(req)
for article in article_stream:
print(article.base.id, article.base.title)
def connect():
# Due to updated ECDSA generated tls.cert we need to let gprc know that
# we need to use that cipher suite otherwise there will be a handshake
# error when we communicate with the lnd rpc server.
os.environ["GRPC_SSL_CIPHER_SUITES"] = 'HIGH+ECDSA'
with open('/home/lnd/.lnd/tls.cert', 'rb') as f:
cert = f.read()
with open('/home/lnd/.lnd/data/chain/smartcash/mainnet/invoice.macaroon', 'rb') as f:
macaroon_bytes = f.read()
macaroon = codecs.encode(macaroon_bytes, 'hex')
def metadata_callback(_context, callback):
# for more info see grpc docs
callback([('macaroon', macaroon)], None)
# build ssl credentials using the cert the same as before
cert_creds = grpc.ssl_channel_credentials(cert)
# now build meta data credentials
auth_creds = grpc.metadata_call_credentials(metadata_callback)
# combine the cert credentials and the macaroon auth credentials
# such that every call is properly encrypted and authenticated
combined_creds = grpc.composite_channel_credentials(cert_creds, auth_creds)
# finally pass in the combined credentials when creating a channel
channel = grpc.secure_channel('localhost:10009', combined_creds)
stub = lnrpc.LightningStub(channel)
return stub
def main():
# Due to updated ECDSA generated tls.cert we need to let gprc know that
# we need to use that cipher suite otherwise there will be a handshake
# error when we communicate with the lnd rpc server.
os.environ["GRPC_SSL_CIPHER_SUITES"] = 'HIGH+ECDSA'
with open('/home/lnd/.lnd/tls.cert', 'rb') as f:
cert = f.read()
with open('/home/lnd/.lnd/data/chain/smartcash/mainnet/invoice.macaroon', 'rb') as f:
macaroon_bytes = f.read()
macaroon = codecs.encode(macaroon_bytes, 'hex')
def metadata_callback(context, callback):
# for more info see grpc docs
callback([('macaroon', macaroon)], None)
# build ssl credentials using the cert the same as before
cert_creds = grpc.ssl_channel_credentials(cert)
# now build meta data credentials
auth_creds = grpc.metadata_call_credentials(metadata_callback)
# combine the cert credentials and the macaroon auth credentials
# such that every call is properly encrypted and authenticated
combined_creds = grpc.composite_channel_credentials(cert_creds, auth_creds)
# finally pass in the combined credentials when creating a channel
channel = grpc.secure_channel('localhost:10009', combined_creds)
stub = lnrpc.LightningStub(channel)
invoice = stub.AddInvoice(ln.Invoice(memo="Donation for Mempool"))
print("Content-Type: application/json; charset=UTF-8")
print("")
print('{"r_hash":"%s","payment_request":"%s","add_index":%d}' % (binascii.hexlify(invoice.r_hash),invoice.payment_request,invoice.add_index))
def __init__(
self,
hostname,
port=50051,
cacert=SERVER_CA,
username=None,
password=None,
sessionid=None,
):
super(SecureClient, self).__init__(hostname, port)
server_ca = open(cacert, "r").read()
if sessionid:
call_creds = metadata_call_credentials(SessionIdCallCredentials(sessionid))
else:
call_creds = metadata_call_credentials(
UsernamePasswordCallCredentials(username, password)
)
chan_creds = ssl_channel_credentials(server_ca)
chan_creds = composite_channel_credentials(chan_creds, call_creds)
self.channel = grpc.secure_channel(
"%s:%d" % (self.hostname, self.port), chan_creds
)
self.stub = xos_pb2_grpc.xosStub(self.channel)
self.modeldefs = modeldefs_pb2_grpc.modeldefsStub(self.channel)
self.utility = utility_pb2_grpc.utilityStub(self.channel)
self.xos_orm = orm.ORMStub(self.stub, "xos")
def create_channel(config: "Config") -> "Channel":
"""
Create a :class:`Channel` for the specified configuration.
"""
u = urlparse(config.url.url)
options = [
("grpc.max_send_message_length", -1),
("grpc.max_receive_message_length", -1),
]
if not config.url.use_http_proxy:
options.append(("grpc.enable_http_proxy", 0))
if (u.scheme in ("https", "grpcs")) or config.ssl:
credentials = ssl_channel_credentials(
root_certificates=config.ssl.ca,
private_key=config.ssl.cert_key,
certificate_chain=config.ssl.cert,
)
if config.access.token:
# The grpc Credential objects do not actually define a formal interface, and are
# used interchangeably in the code.
#
# Additionally there are some incorrect rules in the grpc-stubs typing rules that force
# us to work around the type system.
credentials = cast(
ChannelCredentials,
composite_channel_credentials(
credentials, metadata_call_credentials(GrpcAuth(config))),
)
return secure_channel(u.netloc, credentials, options)
else:
return insecure_channel(u.netloc, options)
def main(args):
# read the file containing a session token to authenticate with
token = args.token_file.read().strip()
# create the header object for the token
callCreds = grpc.access_token_call_credentials(token)
# if using a self-signed certificate (should be provided as arg)
if args.cert_file:
# create the channel using the self-signed cert
cert = args.cert_file.read()
channelCreds = grpc.ssl_channel_credentials(root_certificates=cert)
else:
# otherwise default to checking against CAs
channelCreds = grpc.ssl_channel_credentials()
# create channel settings (auth + TLS)
connCreds = grpc.composite_channel_credentials(channelCreds, callCreds)
# initialize a connection to the server using our connection settings (auth + TLS)
with grpc.secure_channel(args.server, connCreds) as channel:
# create the Python stub for the inventory API
# this is essentially the client, but Python gRPC refers to them as "stubs"
# because they call into the gRPC C API
stub = services.DeviceServiceStub(channel)
if args.hostname:
get_device_with_filter(stub, args.serial, args.hostname)
else:
get_device_by_serial(stub, args.serial)
def make_secure_stub(credentials, user_agent, stub_class, host):
"""Makes a secure stub for an RPC service.
Uses / depends on gRPC.
:type credentials: :class:`oauth2client.client.OAuth2Credentials`
:param credentials: The OAuth2 Credentials to use for creating
access tokens.
:type user_agent: str
:param user_agent: (Optional) The user agent to be used with API requests.
:type stub_class: type
:param stub_class: A gRPC stub type for a given service.
:type host: str
:param host: The host for the service.
:rtype: object, instance of ``stub_class``
:returns: The stub object used to make gRPC requests to a given API.
"""
# ssl_channel_credentials() loads root certificates from
# `grpc/_adapter/credentials/roots.pem`.
transport_creds = grpc.ssl_channel_credentials()
custom_metadata_plugin = MetadataPlugin(credentials, user_agent)
auth_creds = grpc.metadata_call_credentials(
custom_metadata_plugin, name='google_creds')
channel_creds = grpc.composite_channel_credentials(
transport_creds, auth_creds)
target = '%s:%d' % (host, http_client.HTTPS_PORT)
channel = grpc.secure_channel(target, channel_creds)
return stub_class(channel)
def __init__(self,
hostname,
port=50051,
cacert=SERVER_CA,
username=None,
password=None,
sessionid=None):
super(SecureClient, self).__init__(hostname, port)
server_ca = open(cacert, "r").read()
if (sessionid):
call_creds = metadata_call_credentials(
SessionIdCallCredentials(sessionid))
else:
call_creds = metadata_call_credentials(
UsernamePasswordCallCredentials(username, password))
chan_creds = ssl_channel_credentials(server_ca)
chan_creds = composite_channel_credentials(chan_creds, call_creds)
self.channel = grpc.secure_channel(
"%s:%d" % (self.hostname, self.port), chan_creds)
self.stub = xos_pb2_grpc.xosStub(self.channel)
self.modeldefs = modeldefs_pb2_grpc.modeldefsStub(self.channel)
self.utility = utility_pb2_grpc.utilityStub(self.channel)
self.xos_orm = orm.ORMStub(self.stub, "xos")
def __init__(self,
logdir,
name=None,
description=None,
origin="",
api_endpoint=""):
self.logdir = logdir
self.name = name
self.description = description
self.origin = name
self.api_endpoint = description
self.args = Namespace(logdir=self.logdir,
name=self.name,
description=self.description,
origin=self.origin,
api_endpoint=self.api_endpoint)
store = auth.CredentialsStore()
credentials = store.read_credentials()
composite_channel_creds = grpc.composite_channel_credentials(
grpc.ssl_channel_credentials(),
auth.id_token_call_credentials(credentials))
self.server_info = _get_server_info(self.args)
self.channel = grpc.secure_channel(
self.server_info.api_server.endpoint,
composite_channel_creds,
options=None)
def test_channel_credentials_composition(self):
first_call_credentials = grpc.access_token_call_credentials('abc')
second_call_credentials = grpc.access_token_call_credentials('def')
third_call_credentials = grpc.access_token_call_credentials('ghi')
channel_credentials = grpc.ssl_channel_credentials()
channel_and_first = grpc.composite_channel_credentials(
channel_credentials, first_call_credentials)
channel_first_and_second = grpc.composite_channel_credentials(
channel_credentials, first_call_credentials, second_call_credentials)
channel_first_second_and_third = grpc.composite_channel_credentials(
channel_credentials, first_call_credentials, second_call_credentials,
third_call_credentials)
self.assertIsInstance(channel_and_first, grpc.ChannelCredentials)
self.assertIsInstance(channel_first_and_second, grpc.ChannelCredentials)
self.assertIsInstance(
channel_first_second_and_third, grpc.ChannelCredentials)
def secure_authorized_channel(
credentials, request, target, ssl_credentials=None, **kwargs):
"""Creates a secure authorized gRPC channel.
This creates a channel with SSL and :class:`AuthMetadataPlugin`. This
channel can be used to create a stub that can make authorized requests.
Example::
import google.auth
import google.auth.transport.grpc
import google.auth.transport.requests
from google.cloud.speech.v1 import cloud_speech_pb2
# Get credentials.
credentials, _ = google.auth.default()
# Get an HTTP request function to refresh credentials.
request = google.auth.transport.requests.Request()
# Create a channel.
channel = google.auth.transport.grpc.secure_authorized_channel(
credentials, 'speech.googleapis.com:443', request)
# Use the channel to create a stub.
cloud_speech.create_Speech_stub(channel)
Args:
credentials (google.auth.credentials.Credentials): The credentials to
add to requests.
request (google.auth.transport.Request): A HTTP transport request
object used to refresh credentials as needed. Even though gRPC
is a separate transport, there's no way to refresh the credentials
without using a standard http transport.
target (str): The host and port of the service.
ssl_credentials (grpc.ChannelCredentials): Optional SSL channel
credentials. This can be used to specify different certificates.
kwargs: Additional arguments to pass to :func:`grpc.secure_channel`.
Returns:
grpc.Channel: The created gRPC channel.
"""
# Create the metadata plugin for inserting the authorization header.
metadata_plugin = AuthMetadataPlugin(credentials, request)
# Create a set of grpc.CallCredentials using the metadata plugin.
google_auth_credentials = grpc.metadata_call_credentials(metadata_plugin)
if ssl_credentials is None:
ssl_credentials = grpc.ssl_channel_credentials()
# Combine the ssl credentials and the authorization credentials.
composite_credentials = grpc.composite_channel_credentials(
ssl_credentials, google_auth_credentials)
return grpc.secure_channel(target, composite_credentials, **kwargs)
def secure_authorized_channel(
credentials, target, ssl_credentials=None):
"""Creates a secure authorized gRPC channel."""
if ssl_credentials is None:
ssl_credentials = grpc.ssl_channel_credentials()
metadata_plugin = AuthMetadataPlugin(credentials)
call_credentials = grpc.metadata_call_credentials(metadata_plugin)
channel_creds = grpc.composite_channel_credentials(
ssl_credentials, call_credentials)
return grpc.secure_channel(target, channel_creds)
def create_channel(
target, credentials=None, scopes=None, ssl_credentials=None, **kwargs
):
"""Create a secure channel with credentials.
Args:
target (str): The target service address in the format 'hostname:port'.
credentials (google.auth.credentials.Credentials): The credentials. If
not specified, then this function will attempt to ascertain the
credentials from the environment using :func:`google.auth.default`.
scopes (Sequence[str]): A optional list of scopes needed for this
service. These are only used when credentials are not specified and
are passed to :func:`google.auth.default`.
ssl_credentials (grpc.ChannelCredentials): Optional SSL channel
credentials. This can be used to specify different certificates.
kwargs: Additional key-word args passed to
:func:`grpc_gcp.secure_channel` or :func:`grpc.secure_channel`.
Returns:
grpc.Channel: The created channel.
"""
if credentials is None:
credentials, _ = google.auth.default(scopes=scopes)
else:
credentials = google.auth.credentials.with_scopes_if_required(
credentials, scopes
)
request = google.auth.transport.requests.Request()
# Create the metadata plugin for inserting the authorization header.
metadata_plugin = google.auth.transport.grpc.AuthMetadataPlugin(
credentials, request
)
# Create a set of grpc.CallCredentials using the metadata plugin.
google_auth_credentials = grpc.metadata_call_credentials(metadata_plugin)
if ssl_credentials is None:
ssl_credentials = grpc.ssl_channel_credentials()
# Combine the ssl credentials and the authorization credentials.
composite_credentials = grpc.composite_channel_credentials(
ssl_credentials, google_auth_credentials
)
if HAS_GRPC_GCP:
# If grpc_gcp module is available use grpc_gcp.secure_channel,
# otherwise, use grpc.secure_channel to create grpc channel.
return grpc_gcp.secure_channel(target, composite_credentials, **kwargs)
else:
return grpc.secure_channel(target, composite_credentials, **kwargs)
def _stub(args):
target = '{}:{}'.format(args.server_host, args.server_port)
if args.test_case == 'oauth2_auth_token':
google_credentials, unused_project_id = google_auth.default(
scopes=[args.oauth_scope])
google_credentials.refresh(google_auth.transport.requests.Request())
call_credentials = grpc.access_token_call_credentials(
google_credentials.token)
elif args.test_case == 'compute_engine_creds':
google_credentials, unused_project_id = google_auth.default(
scopes=[args.oauth_scope])
call_credentials = grpc.metadata_call_credentials(
google_auth.transport.grpc.AuthMetadataPlugin(
credentials=google_credentials,
request=google_auth.transport.requests.Request()))
elif args.test_case == 'jwt_token_creds':
google_credentials = google_auth_jwt.OnDemandCredentials.from_service_account_file(
os.environ[google_auth.environment_vars.CREDENTIALS])
call_credentials = grpc.metadata_call_credentials(
google_auth.transport.grpc.AuthMetadataPlugin(
credentials=google_credentials, request=None))
else:
call_credentials = None
if args.use_tls:
if args.use_test_ca:
root_certificates = resources.test_root_certificates()
else:
root_certificates = None # will load default roots.
channel_credentials = grpc.ssl_channel_credentials(root_certificates)
if call_credentials is not None:
channel_credentials = grpc.composite_channel_credentials(
channel_credentials, call_credentials)
channel_opts = None
if args.server_host_override:
channel_opts = ((
'grpc.ssl_target_name_override',
args.server_host_override,
),)
channel = grpc.secure_channel(target, channel_credentials, channel_opts)
else:
channel = grpc.insecure_channel(target)
if args.test_case == "unimplemented_service":
return test_pb2_grpc.UnimplementedServiceStub(channel)
else:
return test_pb2_grpc.TestServiceStub(channel)
def _stub(args):
target = '{}:{}'.format(args.server_host, args.server_port)
if args.test_case == 'oauth2_auth_token':
google_credentials = _application_default_credentials()
scoped_credentials = google_credentials.create_scoped(
[args.oauth_scope])
access_token = scoped_credentials.get_access_token().access_token
call_credentials = grpc.access_token_call_credentials(access_token)
elif args.test_case == 'compute_engine_creds':
google_credentials = _application_default_credentials()
scoped_credentials = google_credentials.create_scoped(
[args.oauth_scope])
# TODO(https://github.com/grpc/grpc/issues/6799): Eliminate this last
# remaining use of the Beta API.
call_credentials = implementations.google_call_credentials(
scoped_credentials)
elif args.test_case == 'jwt_token_creds':
google_credentials = _application_default_credentials()
# TODO(https://github.com/grpc/grpc/issues/6799): Eliminate this last
# remaining use of the Beta API.
call_credentials = implementations.google_call_credentials(
google_credentials)
else:
call_credentials = None
if args.use_tls:
if args.use_test_ca:
root_certificates = resources.test_root_certificates()
else:
root_certificates = None # will load default roots.
channel_credentials = grpc.ssl_channel_credentials(root_certificates)
if call_credentials is not None:
channel_credentials = grpc.composite_channel_credentials(
channel_credentials, call_credentials)
channel = grpc.secure_channel(target, channel_credentials, ((
'grpc.ssl_target_name_override',
args.server_host_override,),))
else:
channel = grpc.insecure_channel(target)
if args.test_case == "unimplemented_service":
return test_pb2.UnimplementedServiceStub(channel)
else:
return test_pb2.TestServiceStub(channel)
def __init__(self, rpc_uri: str, peer_uri: str):
self.peer_uri = peer_uri
if LND_AUTH_DATA_PATH != 'default':
path = LND_AUTH_DATA_PATH
elif platform == "linux" or platform == "linux2":
path = '~/.lnd/'
elif platform == "darwin":
path = '~/Library/Application Support/Lnd/'
else:
raise Exception(f"What's the {platform} path for the lnd tls cert?")
self.main_lnd_path = os.path.expanduser(path)
lnd_tls_cert_path = os.path.join(self.main_lnd_path, 'tls.cert')
self.lnd_tls_cert = open(lnd_tls_cert_path, 'rb').read()
cert_credentials = grpc.ssl_channel_credentials(self.lnd_tls_cert)
admin_macaroon_path = os.path.join(self.main_lnd_path, 'admin.macaroon')
with open(admin_macaroon_path, 'rb') as f:
macaroon_bytes = f.read()
self.macaroon = codecs.encode(macaroon_bytes, 'hex')
def metadata_callback(context: _AuthMetadataPluginCallback,
callback: _AuthMetadataContext):
callback([('macaroon', self.macaroon)], None)
auth_credentials = grpc.metadata_call_credentials(metadata_callback)
self.credentials = grpc.composite_channel_credentials(cert_credentials,
auth_credentials)
self.grpc_channel = grpc.secure_channel(rpc_uri,
self.credentials
)
self.lnd_client = lnrpc.LightningStub(self.grpc_channel)
